Google’s Android hacking contest fails to attract exploits

Six months ago, Google offered to pay US$200,000 to any researcher who could remotely hack into an Android device by knowing only the victim’s phone number and email address. No one stepped up to the challenge.

While that might sound like good news and a testament to the mobile operating system’s strong security, that’s likely not the reason why the company’s Project Zero Prize contest attracted so little interest. From the start, people pointed out that $200,000 was too low a prize for a remote exploit chain that wouldn’t rely on user interaction.

“If one could do this, the exploit could be sold to other companies or entities for a much higher price,” one user responded to the original contest announcement in September.

Millions of websites affected by unpatched flaw in Microsoft IIS 6 web server

A proof-of-concept exploit has been published for an unpatched vulnerability in Microsoft Internet Information Services 6.0, a version of the web server that’s no longer supported but still widely used.

The exploit allows attackers to execute malicious code on Windows servers running IIS 6.0 with the privileges of the user running the application. Extended support for this version of IIS ended in July 2015 along with support for its parent product, Windows Server 2003.

Even so, independent web server surveys suggest that IIS 6.0 still powers millions of public websites. In addition, many companies might still run web applications on Windows Server 2003 and IIS 6.0 inside their corporate networks, so this vulnerability could help attackers perform lateral movement if they access such networks through other means.
